Views on increased federal access to state and local National Syndromic Surveillance Program data: a nominal group technique study with state and local epidemiologists

Background US public health authorities use syndromic surveillance to monitor and detect public health threats, conditions, and trends in near real-time. Nearly all US jurisdictions that conduct syndromic surveillance send their data to the National Syndromic Surveillance Program (NSSP), operated by the US. Centers for Disease Control and Prevention. However, current data sharing agreements limit federal access to state and local NSSP data to only multi-state regional aggregations. This limitation was a significant challenge for the national response to COVID-19. This study seeks to understand state and local epidemiologists’ views on increased federal access to state NSSP data and identify policy opportunities for public health data modernization. Methods In September 2021, we used a virtual, modified nominal group technique with twenty regionally diverse epidemiologists in leadership positions and three individuals representing national public health organizations. Participants individually generated ideas on benefits, concerns, and policy opportunities relating to increased federal access to state and local NSSP data. In small groups, participants clarified and grouped the ideas into broader themes with the assistance of the research team. An web-based survey was used to evaluate and rank the themes using five-point Likert importance questions, top-3 ranking questions, and open-ended response questions. Results Participants identified five benefit themes for increased federal access to jurisdictional NSSP data, with the most important being improved cross-jurisdiction collaboration (mean Likert = 4.53) and surveillance practice (4.07). Participants identified nine concern themes, with the most important concerns being federal actors using jurisdictional data without notice (4.60) and misinterpretation of data (4.53). Participants identified eleven policy opportunities, with the most important being involving state and local partners in analysis (4.93) and developing communication protocols (4.53). Conclusion These findings identify barriers and opportunities to federal-state-local collaboration critical to current data modernization efforts. Syndromic surveillance considerations warrant data-sharing caution. However, identified policy opportunities share congruence with existing legal agreements, suggesting that syndromic partners are closer to agreement than they might realize. Moreover, several policy opportunities (i.e., including state and local partners in data analysis and developing communication protocols) received consensus support and provide a promising path forward. Supplementary Information The online version contains supplementary material available at 10.1186/s12889-023-15161-5.


-Enhanced federal surveillance capacity (e.g., providing national pictures, completing data request normally handled by states, increased cross-jurisdictional awareness)
-"Easier to depict the national landscape of what's happening and trends (especially geographically) -allocation of resources, early warning -Timely identification of novel/emerging health issues that cross jurisdictional boundaries -In states without the ability to monitor data routinely, NSSP might be able to point out issues for state follow up that would otherwise be missed."

-Improved cross-jurisdiction collaboration efforts
-Collaborate on analysis and publications that impact more than one state, across jurisdictions, etc. -Develop best practices and compare jurisdiction-jurisdiction collaboration/techniques -Build powerful collaborations -tribal/local/state/federal that cross jurisdictional boundaries -border issues, tribal issues,

-Enhanced State Capacity
-More ability to train and onboard new staff in lower resource states or others without dedicated staff -During large emergencies there is a potential benefit to having additional eyes on data -Technical assistance in creating and standardizing syndromes for consistency across jurisdictions and support for less-resourced jurisdictions  Table A3: Thematic analyses and example ideas generated through NGT on potential policy options to address concerns of increased federal access to state and local NSSP data, 2021.
Q3: What rules, restrictions, guidelines, or codes of conduct could be implemented in the NSSP DUA or CDC policies that might address a concern addressed by you or a fellow workgroup member?

-Restrict data access for specific purposes or events
-Access to data should be at the specific individual user level, for defined time periods, for specific purposes.

-Establish audit and documentation process for data access and analysis
-…Code of conduct like Richard Hopkins' version-but with modifications. Needs to include process for removal of access. -Auditing and documentation of staff access and queries of state/local data.
-Audit trail of where, how, and to whom data was shared.

-Restrict data access to specific users (as opposed to groups of users)
-Access to data should be at the specific individual user level, for defined time periods, for specific purposes. -… States need authority for removing state level data access based on a predefined set of criteria/issues-this would exist even after access was originally granted

-Make DUA applicable to all federal recipients of NSSP data
-DUA need to include specific provisions for data re-release (if any) and that includes to internal CDC staff outside of NSSP approved staff, other federal agencies, and contractors. -…DUA be for all of CDC and all data sources in the BioSense Platform.
-What are the limits of sharing data across federal agencies/programs/different administrations and who makes that determination

-Allow optional participation in greater federal access
-Formalize the process to request the data (opt in, not opt out) -… Misuses of the data, where a local jurisdiction wants to opt out should be allowed.
-Develop agreements with each jurisdictions to opt-in on varying levels; make it optional for jurisdictions to participate.

-Include procedure for DUA renewal
-There needs to be a renewal process for the DUAs. There are many changes that happen year to year, and some are huge shifts that need to be current in the DUAs used that align with current policies in place.

-Clarify breach responsibility
-Legal authorities to collect data, who is responsible in the event of a data breach